Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2023:6939
HistoryNov 14, 2023 - 8:40 a.m.

(RHSA-2023:6939) Moderate: container-tools:rhel8 security and bug fix update

2023-11-1408:40:58
access.redhat.com
69
container-tools
security fix
podman
buildah
skopeo
runc
go-yaml
golang
html/template
net/http
net/textproto
mime/multipart
crypto/tls
golang.org/x/net/html
cve-2022-3064
cve-2023-24540
cve-2022-41723
cve-2022-41724
cve-2022-41725
cve-2023-3978
cve-2023-24534
cve-2023-24536
cve-2023-24537
cve-2023-24538
cve-2023-24539
containerd
runc
cve-2023-25173
cve-2023-25809
cve-2023-27561
cve-2023-28642
cve-2023-29400
cve-2023-29406
cve

6.6 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.

Security Fix(es):

  • go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents (CVE-2022-3064)

  • golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

  • net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

  • golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

  • golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

  • golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

  • golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

  • golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption (CVE-2023-24536)

  • golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

  • golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

  • golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

  • containerd: Supplementary groups are not set up properly (CVE-2023-25173)

  • runc: Rootless runc makes /sys/fs/cgroup writable (CVE-2023-25809)

  • runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

  • runc: AppArmor can be bypassed when /proc inside the container is symlinked with a specific mount configuration (CVE-2023-28642)

  • golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

  • golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64lepodman< 4.6.1-4.module+el8.9.0+19761+326da906podman-4.6.1-4.module+el8.9.0+19761+326da906.ppc64le.rpm
RedHatanyx86_64libslirp-debuginfo< 4.4.0-1.module+el8.9.0+19244+655f84eelibslirp-debuginfo-4.4.0-1.module+el8.9.0+19244+655f84ee.x86_64.rpm
RedHatanyx86_64podman< 4.6.1-4.module+el8.9.0+19761+326da906podman-4.6.1-4.module+el8.9.0+19761+326da906.x86_64.rpm
RedHatanyppc64lelibslirp-debugsource< 4.4.0-1.module+el8.9.0+19244+655f84eelibslirp-debugsource-4.4.0-1.module+el8.9.0+19244+655f84ee.ppc64le.rpm
RedHatanyaarch64slirp4netns-debuginfo< 1.2.1-1.module+el8.9.0+19731+94cfa27eslirp4netns-debuginfo-1.2.1-1.module+el8.9.0+19731+94cfa27e.aarch64.rpm
RedHatanys390xbuildah-tests< 1.31.3-1.module+el8.9.0+19761+326da906buildah-tests-1.31.3-1.module+el8.9.0+19761+326da906.s390x.rpm
RedHatanyppc64leaardvark-dns< 1.7.0-1.module+el8.9.0+19244+655f84eeaardvark-dns-1.7.0-1.module+el8.9.0+19244+655f84ee.ppc64le.rpm
RedHatanyppc64lepodman-debuginfo< 4.6.1-4.module+el8.9.0+19761+326da906podman-debuginfo-4.6.1-4.module+el8.9.0+19761+326da906.ppc64le.rpm
RedHatanyppc64lecriu< 3.18-4.module+el8.9.0+19090+d2921118criu-3.18-4.module+el8.9.0+19090+d2921118.ppc64le.rpm
RedHatanyx86_64oci-seccomp-bpf-hook-debugsource< 1.2.9-1.module+el8.9.0+19090+d2921118oci-seccomp-bpf-hook-debugsource-1.2.9-1.module+el8.9.0+19090+d2921118.x86_64.rpm
Rows per page:
1-10 of 2411

Related

nessus 84
osv 10
almalinux 8
redhat 30
oraclelinux 9
redos 1
ubuntu 3
openvas 25
ibm 15
mageia 3
freebsd 2
altlinux 3
amazon 4
photon 2
nessus
nessus
Oracle Linux 8 : container-tools:4.0 (ELSA-2023-6938)
2023-11-21 00:00:00
RHEL 8 : container-tools:rhel8 (RHSA-2023:6939)
2023-11-14 00:00:00
RHEL 8 : container-tools:4.0 (RHSA-2023:6938)
2023-11-14 00:00:00
osv
osv
Moderate: container-tools:rhel8 security and bug fix update
2023-11-14 00:00:00
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Moderate: buildah security update
2023-11-07 00:00:00
almalinux
almalinux
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Moderate: container-tools:rhel8 security and bug fix update
2023-11-14 00:00:00
Moderate: buildah security update
2023-11-07 00:00:00
redhat
redhat
(RHSA-2023:6938) Moderate: container-tools:4.0 security and bug fix update
2023-11-14 08:40:57
(RHSA-2023:6474) Moderate: podman security, bug fix, and enhancement update
2023-11-07 06:06:30
(RHSA-2023:6363) Moderate: skopeo security update
2023-11-07 06:03:10
oraclelinux
oraclelinux
container-tools:ol8 security and bug fix update
2023-11-18 00:00:00
container-tools:4.0 security and bug fix update
2023-11-18 00:00:00
skopeo security update
2023-11-11 00:00:00
redos
redos
ROS-20240418-06
2024-04-18 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2023-06-06 00:00:00
runC vulnerabilities
2023-05-18 00:00:00
runC vulnerabilities
2023-05-23 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:2127-1)
2023-05-09 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2644)
2023-09-05 00:00:00
Ubuntu: Security Advisory (USN-6140-1)
2023-06-07 00:00:00
ibm
ibm
Security Bulletin: IBM Event Streams is affected by multiple Golang Go vulnerabilities
2023-07-25 06:06:32
Security Bulletin: Operations Dashboard is vulnerable to multiple vulnerabilities in Golang
2023-06-23 10:27:16
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps
2023-08-30 14:43:27
mageia
mageia
Updated opencontainers-runc packages fix security vulnerability
2023-04-07 00:20:12
Updated golang packages fix security vulnerability
2023-04-15 22:03:44
Updated golang packages fix security vulnerability
2023-05-16 22:17:40
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-04 00:00:00
go -- multiple vulnerabilities
2023-02-14 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.8-alt1
2023-04-10 00:00:00
Security fix for the ALT Linux 10 package runc version 1.1.5-alt1
2023-04-20 00:00:00
Security fix for the ALT Linux 10 package golang version 1.19.9-alt1
2023-05-03 00:00:00
amazon
amazon
Important: amazon-ssm-agent
2023-10-12 15:09:00
Important: golang
2023-04-13 19:28:00
Important: golang
2023-06-05 16:39:00
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0433
2023-07-21 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0425
2023-07-12 00:00:00

6.6 Medium

AI Score

Confidence

High

0.024 Low

EPSS

Percentile

90.0%

JSON
Related for RHSA-2023:6939
nessus84osv10almalinux8redhat30oraclelinux9redos1ubuntu3openvas25ibm15mageia3freebsd2altlinux3amazon4photon2